A security vulnerability in nginx has been reported. This vulnerability is exploited via a null pointer dereference, and although this has been characterized as a Denial of Service attack, we suspect that it can be exploited to execute arbitrary code. As such, it’s important for all nginx users to upgrade or patch this vulnerability as soon as practicable.

All versions of nginx prior to 0.8.15, 0.7.62, 0.6.39 and 0.5.38 in the 0.8, 0.7, 0.6 and 0.5 nginx codelines are vulnerable.

Engine Yard customers have already been contacted via email about this issue. For Engine Yard Cloud customers, this patch will be automatically applied the next time you perform a deploy. All other customers should open a support ticket so that you can arrange an appropriate maintenance window with support.